 |
| XKCD #538 |
the Lamborghini was suddenly rammed from behind by a white Honda Civic. At the same time, a white Ram ProMaster work van cut in front, trapping the Chetals. According to a criminal complaint filed after the incident, a group of six men dressed in black and wearing masks emerged from their vehicles and forced the Chetals from their car, dragging them toward the van’s open side door.Below the fold I look at Bloomberg updates from last week on why the crypto-bros are having to spend vast sums on defending against the threat of HODL-ing.
First, Emily Nicolle's Crypto High-Rollers Go Big on Bodyguards to Deter Kidnappers reports on the aftermath of a serious security breach at Coinbase:
Coinbase has said that the leak affected less than 1% of its monthly transacting users. Yet for months, criminals had access to customer data that included their names, addresses, government-ID imagery, transaction history and account balances. Customer support workers in India were bribed to offer access to the company’s data.The "crypto investors" who "operated anonymously" should have paid attention to the technology for deanonymization. Gosh and Lee report:
Criminals have already used the information to trick some Coinbase customers into handing over access to their accounts or transferring their tokens. As with data leaks from traditional banks, personal information can be used for online fraud and identity theft. But the physical threats are of particular concern to crypto investors, many of whom have long operated anonymously to avoid threats.
In most documented cases, attackers have identified marks in advance. Public blockchain records, leaked exchange data and chain-analytic tools — available to both investigators and criminals — together produce a legible map of who holds what.Because Coinbase is a US-based exchange, the investors had to undergo KYC/AML:
The concerns about physical safety have come to the fore after the Coinbase attack because the hackers who penetrated the cryptocurrency exchange gained access to data that could allow them to identify and track down customers with large holdings — a frightening prospect just a few days after the kidnapping attempt in France.So the exchange had to have their personal information, so their safety was in the hands of Coinbase's employees and systems. But not to worry because Coinbase is a: high-tech company:
The industry’s massive investments in protecting online systems may even be fueling the offline risks. Rapid crypto innovation has meant cracking cyber defences has become so challenging that adversaries are resorting to physical attacks, according to Charles Marino, CEO of the security firm Sentinel, which provides intelligence reports about ongoing threats in the crypto industry.The "industry’s massive investments" clearly didn't prevent low-paid "customer support workers in India" having access to personal information that placed their customers lives at risk.
But it isn't the customers' safety that Coinbase is worried about:
The elevated concerns around the safety of crypto executives and their loved ones are illustrated by the amount of money that Coinbase spends to protect its own chief executive officer, Brian Armstrong.Second, Suvashree Ghosh and Isabelle Lee report that Crypto Crime Escalates With Kidnappings, Cons and Human Coercion:
The company spent $6.2 million in personal security costs for Armstrong last year, according to an April regulatory filing that detailed executive compensation. That’s more than the combined amount that JPMorgan Chase & Co., Goldman Sachs Group Inc. and Nvidia Corp. spent on their respective CEOs, similar filings showed.
After a year of kidnappings, assaults and armed home invasions targeting cryptocurrency holders, the industry is racing to harden its defenses.Be careful what you wish for. It is possible to maintain anonymity (or rather pesudonyity) despite the transparency of the infrastructure, but doing so requires an extraordinary level of operational security. You are in hand-to-hand combat with North Korean hackers, not to mention "the Com" and other assorted criminals.
Conferences are beefing up security. Private firms serving crypto holders say demand has surged. Exchanges are protecting their executives.
...
The technology’s defining transparency, which its adherents have long celebrated as a structural improvement on the opaque plumbing of traditional finance, is the same feature that lets a criminal identify a target.
 |
| Attacks by Month |
Physical attacks on cryptocurrency holders rose 75% in 2025, reaching 72 confirmed incidents and $41 million in known losses, according to data compiled by the blockchain security firm CertiK. The figure is widely considered understated, with kidnappings and ransom demands often resolved privately. Jameson Lopp, co-founder of the Bitcoin custody firm Casa, maintains a separate public database that has tracked a roughly threefold increase of known so-called wrench attacks between 2023 and 2025.Check out Jamison Lopp's Known Physical Bitcoin Attacks. He has a job for life.
The mantra of the hard-core crypto-bros is "not your keys, not your coins", meaning that for safety you shouldn't trust exchanges to hold your coins. But the whales are finding that they need to trust physical vaults:
The founder of a large crypto protocol said he has moved his digital-asset holdings out of self-custody on-chain wallets and into physical vaults at four separate institutions, splitting his crypto across them as an additional safeguard. Each requires him to physically sign and wait through a seven-day lock period before any withdrawal. To access the full sum now takes him a month. He declined to be named, citing the risk of being identified to kidnappers.As Nicholas Weaver writes:
If Bitcoin is the "Internet of money," what does it say that it cannot be safely stored on an Internet connected computer?Nakamoto's goal was trustlessness but::
Crypto’s founding proposition was that financial sovereignty could be restored to individuals by removing intermediaries and anchoring wealth to cryptographic keys rather than institutional relationships. That proposition has held. The consequence is that the keys — and the people who hold them — are now the single point of failure. There is no bank branch to call and no regulator to appeal. A stolen key is a final transaction.Louis Ashworth follows up with A bitcoin miner spent $860k armouring vehicles for its bosses, a fact for which we have very little context:
“Criminals follow where they believe the money is,” said Healy. “And many crypto-affiliated individuals combine significant wealth with a uniquely difficult threat landscape.”
Here are two notes from the latest DEF14A compensation tables for MARA Holdings, the bitcoin miner (our emphases):Mara noted:
(3) Amount reflects costs related to personal security for Mr. Thiel pursuant to MARA’s security program ($4,300,629), including a one-time expense for vehicle armoring ($430,780) and a one-time expense for home security installation ($58,810); the incremental cost to the Company associated with Mr. Thiel’s personal use of Company aircraft ($43,114); and a Company contribution under our 401(k) plan ($10,500)We’ve never seen “vehicle armoring” disclosed as a perk before, and $869,160 of across two executives is quite a lot.
(6) Amount reflects costs related to personal security for Mr. Khan pursuant to MARA’s security program ($3,946,398), including a one-time expense for vehicle armoring ($438,380) and a Company contribution under our 401(k) plan ($10,500).
As a result of the Company’s substantial and publicly disclosed bitcoin holdings, our executives face an elevated and distinctive threat profile that differs materially from that of executives at most other public companies. Our CEO, CFO and other employees have experienced, and continue to experience, direct security threats.But this security is actually a good thing because across the entire cryptosphere there may be around $100M/year being siphoned from cryptocurrency users to lubricate the real economy of security companies, personal armored vehicles and bodyguards. Not to mention maybe half that being siphoned from HODL-ers via criminals to Lamborghini dealers. In the face of the looming recession, every bit of spending in the K-shaped economy helps to boost GDP.
No comments:
Post a Comment